Law firm (Debt Collector) refusing Subject Access Request citing "Legal Privilege" & offering a summary. Is there anything I can do?
Hi everyone, looking for some technical advice on how to handle a law firm that seems to be misapplying GDPR exemptions.
Context: A corporate energy supplier and their instructed law firm (acting as debt collectors) aggressively chased me for months over a debt I did not owe. I am a commercial freeholder, and they incorrectly billed me for an upstairs leasehold flat. The energy supplier has now finally admitted their mistake and dropped the case, but the law firm's handling of my data has been highly suspect.
The SAR: While fighting the case, I submitted a formal Subject Access Request to the law firm hoping to get an understanding into why they are chasing me for this debt, explicitly requesting full copies of all personal data, internal case management logs, and communications regarding my account.
Their Response: They missed the 30-day deadline, and when they finally replied, they completely refused to provide the source documents. Instead, they gave me a 3-line "summary" (which just contained my name and address). They justified withholding the full file with the following exact quotes:
- "The information we hold is interlinked with third-party data, commercially sensitive content, or legally privileged material. Providing a summary allows us to give you all information without infringing others’ rights."
- "Some records contain internal assessments, security-related content, or technical logs that cannot be released in full."
My Assessment & Questions for the sub: My understanding of ICO guidance is that Legal Professional Privilege (LPP) only covers communications made for the dominant purpose of legal advice. Standard debt-collection case management logs, system notes, and automated actions are administrative and should not be covered by LPP.
Furthermore, even if the file does contain legally privileged or commercially sensitive third-party data, shouldn't they be legally obligated to redact those specific lines and provide the remainder of the documents, rather than using it as a blanket excuse to withhold the entire file and offer a "summary"?